I posted about this back in 2018, but go no responses so I'm trying again.
We previously allowed all Teachers and Managers to manually enrol someone else as a Teacher in a course shell, because we were receiving too many requests from Teachers to add other Teachers. Then, one day we had an incident were an entire class was accidentally enrolled with the Teacher role. This group of "students" had access to stuff they should not have had. Fortunately, the logs show that nobody figured it out. WHEW!
Because of this near disaster, we removed the capability of a Teacher to add another Teacher. We still allow Managers with the assumption that they know better than to make that kind of mistake.
What I would like is to be able to allow both Managers and Teachers to enrol other teachers, but restrict the accounts that can be assigned the role. For us, we could do that based on the email address sub-domain, since our employees have an email ending in @ourschool.com and our students end in @student.ourschool.com.
Is anyone aware of a plugin or other method that can help add this level of security, without making more work for us?
Thanks, in advance.